| 192.168.0.109 |
Scan time :
| Start time : | Thu Apr 24 06:32:02 2008 |
| End time : | Thu Apr 24 06:35:48 2008 | |
Number of vulnerabilities :
| Open ports : | 14 |
| Low : | 16 |
| Medium : | 3 |
| High : | 2 | |
|
Information about the remote host :
| Operating system : | HP JetDirect Printer |
| NetBIOS name : | HP0016354CDF35 |
| DNS name : | HP0016354CDF35. | |
|
| Port netbios-ns (137/udp) |
| Using NetBIOS to retrieve information from a Windows host |
Synopsis :
It is possible to obtain the network name of the remote host.
Description :
The remote host listens on udp port 137 and replies to NetBIOS nbtscan requests. By sending a wildcard request it is possible to obtain the name of the remote system and the name of its domain.
Risk factor :
None
Plugin output :
The following 3 NetBIOS names have been gathered :
HP0016354CDF35 = Computer name
HP0016354CDF35 = File Server Service
PRINTER = Computer name
The remote host has the following MAC address on its adapter : 00:16:35:4c:df:35
CVE : CVE-1999-0621, CVE-1999-0621
Nessus ID : 10150
|
| Port ismserver (9500/tcp) |
| Port sidewinder-game-voice (9110/tcp) |
| Traceroute |
For your information, here is the traceroute from 192.168.0.106 to 192.168.0.109 :
192.168.0.106
192.168.0.109
Nessus ID : 10287
|
| Obtain system info type via SNMP |
Synopsis :
The System Information of the remote host can be obtained via SNMP.
Description :
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1.
An attacker may use this information to gain more knowledge about the target host.
Solution :
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk factor :
Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
System information :
sysDescr : HP ETHERNET MULTI-ENVIRONMENT
sysObjectID : 1.3.6.1.4.1.11.2.3.9.1
sysUptime : 0d 0h 1m 24s
sysContact :
sysName : printer
sysLocation :
sysServices : 72
Nessus ID : 10800
|
| Obtain network interfaces list via SNMP |
Synopsis :
The list of network interface cards of the remote host can be obtained via SNMP.
Description :
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0.
An attacker may use this information to gain more knowledge about the target host.
Solution :
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk factor :
Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Interface 1 information :
ifIndex : 2
ifDescr : Eth0
ifPhysAddress : 0016354cdf35
Interface 2 information :
ifIndex : Eth0
ifDescr :
ifPhysAddress :
Nessus ID : 10551
|
| Discover HP JetDirect EWS Password via SNMP |
Synopsis :
The administrative password of the remote HP JetDirect printer can be obtained using SNMP.
Description :
It is possible to obtain the password of the remote HP JetDirect web server by sending SNMP requests.
An attacker may use this information to gain administrative access to the remote printer.
Solution :
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
http://www.securityfocus.com/archive/1/313714/2003-03-01/2003-03-07/0
Risk factor :
High
Plugin output :
Remote printer password is :
CVE : CVE-2002-1048
BID : 5331, 7001
Nessus ID : 11317
|
| Default community names of the SNMP Agent |
Synopsis :
The community name of the remote SNMP server can be guessed.
Description :
It is possible to obtain the default community names of the remote SNMP server.
An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Solution :
Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string.
Risk factor :
High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Plugin output :
The remote SNMP server replies to the following default community strings :
private
public
CVE : CVE-1999-0186, CVE-1999-0254, CVE-1999-0516, CVE-1999-0517, CVE-2004-0311, CVE-2004-1474
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Nessus ID : 10264
|
| Port pdl-datastream (9100/tcp) |
| Service detection |
The service closed the connection without sending any data.
It might be protected by some TCP wrapper.
Nessus ID : 22964
|
| Host FQDN |
192.168.0.109 resolves as HP0016354CDF35.
Nessus ID : 12053
|
| OS Identification |
Remote operating system : HP JetDirect Printer
Confidence Level : 100
Method : SNMP
Not all fingerprints could give a match - please email the following to [EMAIL PROTECTED] :
HTTP:!:Server: Virata-EmWeb/R6_0_1
SinFP:!:
P1:B11013:F0x12:W17520:O0204ffff:M1460:
P2:B11013:F0x12:W17376:O0204ffff01030300010104020101080affffffff44454144:M1460:
P3:B11020:F0x04:W0:O0:M0
P4:3205_7_p=9290R
SNMP:HP ETHERNET MULTI-ENVIRONMENT
The remote host is running HP JetDirect Printer
Nessus ID : 11936
|
| Information about the scan |
Information about this scan :
Nessus version : 3.2.0
Plugin feed version : 200804231534
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.0.106
Port scanner(s) : synscan
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 10
Max checks : 5
Recv timeout : 5
Scan Start Date : 2008/4/24 6:32
Scan duration : 223 sec
Nessus ID : 19506
|
| Check open ports |
The following ports were open at the beginning of the scan but are now closed:
Port 7435 was detected as being open but is now closed
Port 9101 was detected as being open but is now closed
Port 9102 was detected as being open but is now closed
This might be an availability problem which might be due to the following reasons :
- The remote host is now down, either because a user turned it off during the scan
- A network outage has been experienced during the scan, and the remote network cannot be reached from the Vulnerability Scanner any more
- This Vulnerability Scanner has been blacklisted by the system administrator or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment.
In any case, the audit of the remote host might be incomplete and may need to be done again
Nessus ID : 10919
|
| Service detection |
The service closed the connection without sending any data.
It might be protected by some TCP wrapper.
Nessus ID : 22964
|
| Service detection |
A web server is running on this port.
Nessus ID : 22964
|
| HTTP Server type and version |
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Virata-EmWeb/R6_0_1
Nessus ID : 10107
|
| HyperText Transfer Protocol Information |
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem
Solution :
None.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Server: Virata-EmWeb/R6_0_1
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Nessus ID : 24260
|
| Port bacula-fd (9102/tcp) |
| Port netbios-ssn (139/tcp) |
| SMB Detection |
An SMB server is running on this port
Nessus ID : 11011
|
| SMB NativeLanMan |
Synopsis :
It is possible to obtain information about the remote operating system.
Description :
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : [
The remote native lan manager is :
The remote SMB Domain Name is :
Nessus ID : 10785
|
| SMB log in |
Synopsis :
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Given Credentials
See also :
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk factor :
none
Plugin output :
- NULL sessions are enabled on the remote host
- Remote users are authenticated as 'Guest'
CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID : 494, 990, 11199
Nessus ID : 10394
|
| SMB guest account for all users |
Synopsis :
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it as a guest user using a random account.
Solution :
In the group policy change the setting for 'Network access: Sharing and security model for local accounts' from 'Guest only - local users authenticate as Guest' to 'Classic - local users authenticate as themselves'.
Risk factor :
Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE : CVE-1999-0505
Nessus ID : 26919
|
| Port bacula-dir (9101/tcp) |
| Port apache-administration-server (8089/tcp) |
| Service detection |
A web server is running on this port.
Nessus ID : 22964
|
|